Document toolboxDocument toolbox

auth.keepersecurity

Introduction

The tags beginning with auth.keepersecurity identify events generated by Keeper Security Audit. 

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as auth.keepersecurity. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Keeper Security Audit

auth.keepersecurity.audit.events

auth.keepersecurity.audit.events

Table structure

These are the fields displayed in this table:

Field

Type

Extra fields

Field

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

name

str

 

audit_event

str

 

remote_address

str

 

client_version

str

 

timestamp

timestamp

 

username

str

 

enterprise_id

int4

 

username_new

bool

 

client_version_new

bool

 

device_name

str

 

recipient

str

 

origin

str

 

record_uid

str

 

shared_folder_uid

str

 

result_code

str

 

node

str

 

to_username

str

 

folder_type

str

 

folder_uid

str

 

role_id

str

 

enforcement

str

 

value

str

 

email

str

 

team_uid

str

 

hostchain

str

✓

tag

str

✓

rawMessage

str

✓